Information Security Manager

About The Position

Requirements

• 8+ years of progressive information security experience with at least 3–5 years in a senior leadership role.
• Bachelor’s degree in information security, Computer Science, or related field required; master’s degree preferred.
• CISSP (Certified Information Systems Security Professional).
• Working knowledge of CIS18.
• Demonstrated ability to develop and execute a multi-year security strategy in a complex, international organization.
• Deep expertise across security domains: governance, risk and compliance, incident response, identity management, cloud security, and security architecture.
• Experience providing security leadership within a major ERP implementation (SAP, Oracle, or equivalent).
• Exposure to AI/ML security considerations and data governance in an enterprise context.
• Proven ability to communicate complex risks to C-level and Board-level audiences.

Nice To Haves

• Experience managing international operations or multi-jurisdictional compliance environments strongly preferred.
• Experience in commodity trading, manufacturing, agriculture, or complex supply chain industries is a significant advantage.
• CISM (Certified Information Security Manager)
• CRISC (Certified in Risk and Information Systems Control)
• CISA (Certified Information Systems Auditor)
• Cloud security certification (CCSP, AWS Security Specialty, or equivalent)

Responsibilities

• Own and drive the enterprise information security strategy, roadmap, and governance framework aligned to SOTG's business objectives and international operating environment.
• Serve as the primary security advisor to the VP of IT and senior leadership on cyber risk, regulatory compliance, and emerging threats.
• Lead the design, implementation, and continuous improvement of SOTG's security program across all domains: network, endpoint, cloud, identity, application, and data.
• Provide security leadership and integration oversight for the ERP transformation program, ensuring secure design, data governance, and access control.
• Define and mature the security posture for SOTG's AI adoption initiatives, establishing governance and risk frameworks for AI tools and data handling.
• Lead all incident response and crisis management activities, including coordination with executive leadership, legal, and external authorities as needed.
• Oversee Business Continuity and Disaster Recovery planning from a security and resilience perspective, including testing and tabletop exercises.
• Build and mentor the information security team; drive a culture of security awareness across the organization.
• Establish and manage the security metrics program, delivering executive-level reporting on risk posture, program maturity, and incidents.
• Manage vendor and third-party risk programs including supply chain security, MSSP governance, and contract security requirements.
• Lead regulatory and compliance activities across applicable frameworks (NIST CSF, ISO 27001, SOC 2, GDPR, and commodity trading-related regulations).
• Own the security budget, forecast spending, and evaluate technology investments with a risk-based lens.